Microsoft's Recall Feature in Windows 11: A Potential Privacy and Security Risk?

Redmond, Washington United States of America
Cybersecurity expert Kevin Beaumont discovered vulnerabilities, including data being stored in plain text form and OCR technology extracting sensitive information.
Microsoft maintains Recall is optional with privacy controls and not storing protected content.
Microsoft's Recall feature in Windows 11 uses AI technology to take screenshots and save them with personal data in a locally stored SQLite database.
Recall has been criticized for privacy concerns, potential security risks, and impact on productivity.
Microsoft's Recall Feature in Windows 11: A Potential Privacy and Security Risk?

In a world where data privacy and security have become increasingly important, Microsoft's new Recall feature in Windows 11 has raised significant concerns among users and cybersecurity experts. The feature, which is set to debut on June 18th as part of the Copilot Plus PCs, uses AI technology to take screenshots of everything a user does on their computer and saves them along with personal data in a locally stored SQLite database. While Microsoft maintains that Recall is an optional experience with privacy controls, critics argue that it poses a significant security risk, especially given the vulnerabilities found in the current version of the feature.

Cybersecurity expert Kevin Beaumont discovered several vulnerabilities in Recall, including the fact that data is stored in plain text form and extracting information from encrypted data appears relatively trivial. This raises concerns about how easily unauthorized users could access a user's database if they have local access or infect the PC with an info-stealer virus.

Furthermore, Recall uses Optical Character Recognition (OCR) to extract text from screenshots for faster searches. However, this technology has also been criticized for its potential security flaws and privacy concerns. By default, Recall stores a large amount of personal data including sensitive information such as usernames, passwords, and health care information.

Security researcher Kevin Beaumont's findings have intensified calls for Microsoft to recall the Recall feature due to its potential security nightmare and privacy risks. Analysts at Directions on Microsoft have also questioned whether Microsoft should recall the feature, highlighting the investments the company has made in compliance services such as Purview, which allows compliance teams to monitor user activities. However, despite these concerns, Microsoft has not yet announced any plans to recall or modify the Recall feature.

In addition to privacy and security concerns, Recall has also been criticized for its potential impact on productivity. Some experts argue that the feature could make it easier for malware and attackers to steal information by providing a comprehensive record of a user's activity on their computer. Meanwhile, Microsoft maintains that Recall is designed to provide an optional experience with privacy controls, disabling certain URLs and apps, and not storing protected content like passwords or financial account numbers in its screenshots.

Overall, the controversy surrounding Microsoft's Recall feature highlights the ongoing struggle to balance innovation and technology with privacy and security concerns. As more companies adopt AI-powered technologies, it is crucial that they take into account the potential risks and vulnerabilities associated with these tools to ensure that users' data remains safe and secure.



Confidence

85%

Doubts
  • Are there any known exploits for the OCR technology?
  • Is all personal data stored encrypted?
  • What measures does Microsoft have in place to prevent unauthorized access to Recall databases?

Sources

55%

  • Unique Points
    • Microsoft's new Windows AI tool, Recall, takes screenshots of user activity every five seconds and saves them on the device.
    • Ethical hacker Alex Hagenah released a tool called TotalRecall that automatically extracts and displays all data recorded by Recall on a laptop.
    • TotalRecall can determine the location of the Recall database on a laptop and make a copy of the file, parsing all data as it does so.
    • Recall stores records of websites visited and messages sent on encrypted messaging apps like Signal and WhatsApp.
  • Accuracy
    • , Microsoft claims that Recall's implementation includes local processing and encryption at rest to protect users’ data.
    • , By default, Recall stores a large amount of personal data including sensitive information such as usernames, passwords, and health care information.
    • , Recall could make it easier for malware and attackers to steal information.
  • Deception (30%)
    The article contains selective reporting and sensationalism. The author quotes security experts expressing concerns about the new Windows AI tool, Recall, but only reports on their negative opinions without providing any counterarguments or context. The title of the article is also sensational and implies that Recall is a dangerous tool that can easily be exploited by hackers, which may not be an accurate representation of the situation.
    • Dubbed TotalRecall—yes, after the 1990 sci-fi film—the tool can pull all the information that Recall saves into its main database on a Windows laptop.
    • Microsoft’s description of the tool says Recall could be used to search for recipes you’ve looked at online but whose websites you’ve forgotten.
    • Two weeks ahead of Recall’s launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database.
  • Fallacies (50%)
    The author commits an appeal to fear fallacy by implying that the data collected by Recall could easily be accessed and used maliciously by attackers. The author also uses inflammatory rhetoric when describing Recall as 'spyware' or 'stalkerware'.
    • > security experts say that data may not stay there for long.
    • The database is unencrypted. It’s all plain text.
    • An attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that’s captured by Recall.
  • Bias (5%)
    The author expresses a negative opinion towards Microsoft's Recall tool and its potential for privacy invasion. He quotes cybersecurity experts who criticize the tool and demonstrate its vulnerabilities. The author also uses language that depicts the data collected by Recall as a 'gold mine' for criminal hackers or domestic abusers.
    • An attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that's captured by Recall.
      • It does everything automatically.
        • The database is unencrypted. It's all plain text.
        • Site Conflicts Of Interest (100%)
          None Found At Time Of Publication
        • Author Conflicts Of Interest (100%)
          None Found At Time Of Publication

        76%

        • Unique Points
          • Microsoft's new feature in Windows 11, called Recall, takes periodic screenshots and saves them along with user interactions data in a locally stored SQLite database.
          • Recall uses Optical Character Recognition (OCR) to extract text from the screenshots for faster searches.
          • By default, Recall stores a large amount of personal data including sensitive information such as usernames, passwords, and health care information.
          • Security researcher Kevin Beaumont found several vulnerabilities in the current version of Recall, making it easy for unauthorized users to access a user's database if they have local access or infect the PC with an info-stealer virus.
        • Accuracy
          • Microsoft's new Windows AI tool, Recall, takes screenshots of user activity every five seconds and saves them on the device.
          • Recall stores records of websites visited and messages sent on encrypted messaging apps like Signal and WhatsApp.
        • Deception (30%)
          The article contains selective reporting as it only reports details that support the author's position about Recall being a potential security nightmare. The author quotes security researcher Kevin Beaumont and his findings about the implementation issues of Recall, but does not mention any counterarguments or reassurances from Microsoft. The article also implies that Recall is a huge amount of personal data by stating 'by default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage.' However, the author does not provide any context or evidence to support this claim.
          • In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity.
          • Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work.
          • The feature is pitched as a way to help users remember where they’ve been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.
        • Fallacies (80%)
          The author makes an appeal to authority by quoting security researcher Kevin Beaumont and referencing his findings. However, the author does not commit the fallacy himself as he is reporting on Beaumont's findings and providing context. The article also contains inflammatory rhetoric with phrases like 'potential security nightmare' and 'actual security nightmare', but these are opinions of the author and do not constitute a logical fallacy.
          • Microsoft says that by default, Recall’s screenshots take no pains to redact sensitive information
          • several days of data amounted to a database around 90KB in size
          • Data is stored on a per-app basis, presumably to make it easier for Microsoft’s app-exclusion feature to work
        • Bias (80%)
          The author expresses concern about the potential security risks of Microsoft's new feature 'Recall', which takes screenshots and uses OCR to grab information on a user's screen. The author mentions that this data is stored locally in an SQLite database and can be easily accessed if someone gains local access to the machine or infects it with an info-stealer virus. This implies a monetary bias, as the author is focusing on the potential financial harm that could come from having this information stolen.
          • But in its current form, Recall has ‘gaps you can drive a plane through’ that make it trivially easy to grab and scan through a user’s Recall database if you either (1) have local access to the machine and can log into any account (not just the account of the user whose database you’re trying to see), or (2) are using a PC infected with some kind of info-stealer virus that can quickly transfer the SQLite database to another system.
          • Site Conflicts Of Interest (100%)
            None Found At Time Of Publication
          • Author Conflicts Of Interest (100%)
            None Found At Time Of Publication

          59%

          • Unique Points
            • Microsoft is launching a new AI-powered Recall feature as part of the Copilot Plus PCs, set to debut on June 18th.
            • Cybersecurity expert Kevin Beaumont found that Recall stores data in a database in plain text, potentially making it vulnerable to malware extraction.
            • Recall could make it easier for malware and attackers to steal information.
            • Microsoft maintains that Recall is an optional experience with privacy controls, disabling certain URLs and apps, and not storing protected content like passwords or financial account numbers in its screenshots.
          • Accuracy
            • Recall is designed to screenshot everything you see or do on your computer and allow you to search and retrieve anything in seconds.
            • Recall snapshots are stored on the local hard disk of Copilot Plus PCs, protected by data encryption on the device and (if applicable) BitLocker.
          • Deception (35%)
            The article by Tom Warren contains several examples of deception through sensationalism and selective reporting. The title itself is sensational, implying that Recall is a 'disaster' without providing any context or evidence to support this claim. The author also quotes cybersecurity expert Kevin Beaumont making strong statements about the potential security flaws of Recall, but does not provide any counter-arguments or perspectives from Microsoft or other experts. Additionally, the article selectively reports on Beaumont's findings without mentioning that he has publicly shared his concerns and even created a website to demonstrate the vulnerabilities. This creates an incomplete and misleading picture of the situation.
            • Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds.
            • Recall stores data in a database in plain text...This database file has a record of everything you’ve ever viewed on your PC in plain text.
            • Microsoft is about to launch a new AI-powered Recall feature that screenshots everything you do on your PC...experts who have tested the feature are already warning that Recall could be a ‘disaster’ for cybersecurity.
          • Fallacies (75%)
            The article contains some inflammatory rhetoric and appeals to authority but no formal fallacies were found. The author presents cybersecurity expert Kevin Beaumont's findings as a potential issue with Microsoft's Recall feature, which could be seen as an appeal to authority. Additionally, the author references Microsoft's response and the UK Information Commissioner's Office involvement, which may contribute to inflammatory rhetoric. However, no formal logical fallacies were identified in the content of the article itself.
            • Cybersecurity expert Kevin Beaumont has found that the AI-powered feature has some potential security flaws.
            • Microsoft maintains Recall is an optional experience and that it has built privacy controls into the feature.
          • Bias (15%)
            The author expresses a clear bias against Microsoft's Recall feature by repeatedly using the word 'disaster' and quoting cybersecurity expert Kevin Beaumont who has found potential security flaws in the feature. The author also uses language that depicts attackers as being able to easily steal information with Recall, without providing any counterargument or context.
            • Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder.
              • Recall could be a ‘disaster’ for cybersecurity.
                • Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds.
                • Site Conflicts Of Interest (100%)
                  None Found At Time Of Publication
                • Author Conflicts Of Interest (100%)
                  None Found At Time Of Publication

                74%

                • Unique Points
                  • Microsoft’s Recall feature takes a snapshot of a Copilot+ PC user’s screen every couple of seconds and sends it to disk.
                  • Directions on Microsoft analyst Barry Briggs questioned if Microsoft should recall the Recall feature.
                  • Cybersecurity researcher Kevin Beaumont found vulnerabilities in Recall’s technology, including text OCR data being stored in plain text form and getting into the encrypted data appearing relatively trivial.
                • Accuracy
                  • Microsoft's Recall feature takes a snapshot of a Copilot+ PC user’s screen every couple of seconds and sends it to disk.
                  • Recall is on by default on Copilot+ PCs
                  • Microsoft’s help pages state that it is possible to disable saving screenshots in Recall, pause the system temporarily, filter applications where screenshots are taken, and delete gathered data at any time.
                • Deception (30%)
                  The author expresses his opinion that Microsoft should recall the Recall feature due to privacy concerns and security vulnerabilities. He also uses emotional manipulation by comparing the situation to Apple's marketing department. The article contains selective reporting as it only reports details that support the author's position, such as negative reactions from researchers and analysts, while ignoring any potential benefits or positive aspects of the Recall feature.
                  • However, in its current state, Recall is anything but sound.
                  • It is difficult to understand what Microsoft was thinking when it announced Recall and made the preview available.
                  • The overwhelmingly negative reaction has probably taken Microsoft leadership by surprise. For almost everybody else, it won’t have.
                • Fallacies (85%)
                  The author makes an appeal to authority fallacy by quoting Barry Briggs and Kevin Beaumont's opinions without providing any context or evidence of their expertise in the field. The author also uses inflammatory rhetoric by describing Microsoft's actions as 'Apple Mac marketing department' behavior.
                  • An add-on called Forensic Evidence can literally watch, in real time, what an employee is doing, in order to collect evidence for an investigation,
                • Bias (80%)
                  The author expresses a negative opinion towards Microsoft's Recall feature and raises concerns about privacy and security. He quotes Barry Briggs, an analyst from Directions on Microsoft, who also expresses a critical view of the feature. The author uses language that depicts the authorities potentially demanding access to Recall's local storage as a future possibility, which could be seen as fear-mongering.
                  • If Microsoft intended the 2024 Build event to be overshadowed by controversy then it succeeded as calls intensify for the company to rethink its strategy around Recall.
                    • It's difficult to understand what Microsoft was thinking when it announced Recall and made the preview available. It is almost as if something that developers were playing around with somehow made its way into the world in a half-baked state.
                      • Then there is the question of why Windows has long had a search feature crying out for investment, yet Microsoft chose instead to add to Windows’ attack surface with Recall.
                      • Site Conflicts Of Interest (100%)
                        None Found At Time Of Publication
                      • Author Conflicts Of Interest (100%)
                        None Found At Time Of Publication